1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/util/validation.h"
18
19 #include <limits>
20
21 #include "gmock/gmock.h"
22 #include "gtest/gtest.h"
23 #include "absl/status/status.h"
24 #include "tink/util/test_matchers.h"
25
26 namespace crypto {
27 namespace tink {
28
29 namespace {
30
31 using crypto::tink::test::IsOk;
32 using crypto::tink::test::StatusIs;
33 using google::crypto::tink::KeyData;
34 using testing::Not;
35
// Baseline acceptance case: a key with its id, key data, output prefix type
// and status all populated must pass ValidateKey.
TEST(ValidateKey, ValidKey) {
  namespace pb = google::crypto::tink;

  pb::Keyset::Key complete_key;
  complete_key.set_key_id(100);
  // Placeholder bytes only; the test never interprets them as key material.
  complete_key.mutable_key_data()->set_value("some value");
  complete_key.set_output_prefix_type(pb::OutputPrefixType::TINK);
  complete_key.set_status(pb::KeyStatusType::ENABLED);

  const auto verdict = crypto::tink::ValidateKey(complete_key);
  EXPECT_THAT(verdict, IsOk());
}
44
// Rejection case: the output prefix type is never set on the key, so it keeps
// its proto default, and ValidateKey must answer kInvalidArgument.
TEST(ValidateKey, MissingOutputPrefixType) {
  namespace pb = google::crypto::tink;

  pb::Keyset::Key key_without_prefix;
  key_without_prefix.set_key_id(100);
  key_without_prefix.mutable_key_data()->set_value("some value");
  key_without_prefix.set_status(pb::KeyStatusType::ENABLED);
  // Deliberately no set_output_prefix_type() call.

  const auto verdict = crypto::tink::ValidateKey(key_without_prefix);
  EXPECT_THAT(verdict, StatusIs(absl::StatusCode::kInvalidArgument));
}
53
// Rejection case: the key carries an id, prefix type and status but no
// key_data at all; ValidateKey must answer kInvalidArgument.
TEST(ValidateKey, MissingKeyData) {
  namespace pb = google::crypto::tink;

  pb::Keyset::Key key_without_data;
  key_without_data.set_key_id(100);
  key_without_data.set_output_prefix_type(pb::OutputPrefixType::TINK);
  key_without_data.set_status(pb::KeyStatusType::ENABLED);
  // Deliberately no mutable_key_data() call, so key_data stays absent.

  const auto verdict = crypto::tink::ValidateKey(key_without_data);
  EXPECT_THAT(verdict, StatusIs(absl::StatusCode::kInvalidArgument));
}
62
// Rejection case: the key status is never set, so it keeps its proto default
// instead of ENABLED; ValidateKey must answer kInvalidArgument.
TEST(ValidateKey, MissingStatus) {
  namespace pb = google::crypto::tink;

  pb::Keyset::Key key_without_status;
  key_without_status.set_key_id(100);
  key_without_status.mutable_key_data()->set_value("some value");
  key_without_status.set_output_prefix_type(pb::OutputPrefixType::TINK);
  // Deliberately no set_status() call.

  const auto verdict = crypto::tink::ValidateKey(key_without_status);
  EXPECT_THAT(verdict, StatusIs(absl::StatusCode::kInvalidArgument));
}
71
// Baseline acceptance case for keysets: one fully populated, enabled key whose
// id is also the keyset's primary key id passes ValidateKeyset.
TEST(ValidateKeyset, Valid) {
  namespace pb = google::crypto::tink;

  pb::Keyset single_key_keyset;
  pb::Keyset::Key& only_key = *single_key_keyset.add_key();
  only_key.set_key_id(100);
  only_key.mutable_key_data()->set_value("some value");
  only_key.set_output_prefix_type(pb::OutputPrefixType::TINK);
  only_key.set_status(pb::KeyStatusType::ENABLED);
  single_key_keyset.set_primary_key_id(100);

  const auto verdict = crypto::tink::ValidateKeyset(single_key_keyset);
  EXPECT_THAT(verdict, IsOk());
}
82
// Acceptance case: three enabled keys with distinct ids (32, 100, 18), with the
// primary key id pointing at the middle one (100), pass ValidateKeyset.
TEST(ValidateKeyset, ValidMultipleKeys) {
  namespace pb = google::crypto::tink;

  // Id and placeholder value of each key, in insertion order.
  struct KeySpec {
    uint32_t id;
    const char* value;
  };
  const KeySpec specs[] = {
      {32, "some value"},
      {100, "some other value"},
      {18, "some third value"},
  };

  pb::Keyset keyset;
  for (const KeySpec& spec : specs) {
    pb::Keyset::Key* entry = keyset.add_key();
    entry->set_key_id(spec.id);
    entry->mutable_key_data()->set_value(spec.value);
    entry->set_output_prefix_type(pb::OutputPrefixType::TINK);
    entry->set_status(pb::KeyStatusType::ENABLED);
  }
  keyset.set_primary_key_id(100);

  const auto verdict = crypto::tink::ValidateKeyset(keyset);
  EXPECT_THAT(verdict, IsOk());
}
103
// Tests that a keyset in which two enabled keys share the primary key id (100)
// is rejected: the primary would otherwise be ambiguous.
// NOTE(review): this only asserts a non-OK status; the other rejection tests in
// this file pin kInvalidArgument. Consider pinning the code here too once the
// value returned for this case is confirmed.
TEST(ValidateKeyset, DuplicatePrimaryId) {
  namespace pb = google::crypto::tink;

  pb::Keyset keyset;

  pb::Keyset::Key* first = keyset.add_key();
  first->set_key_id(100);
  first->mutable_key_data()->set_value("some value");
  first->set_output_prefix_type(pb::OutputPrefixType::TINK);
  first->set_status(pb::KeyStatusType::ENABLED);

  // Same id as the first key, different placeholder value.
  pb::Keyset::Key* clashing = keyset.add_key();
  clashing->set_key_id(100);
  clashing->mutable_key_data()->set_value("some other value");
  clashing->set_output_prefix_type(pb::OutputPrefixType::TINK);
  clashing->set_status(pb::KeyStatusType::ENABLED);

  keyset.set_primary_key_id(100);

  const auto verdict = crypto::tink::ValidateKeyset(keyset);
  EXPECT_THAT(verdict, Not(IsOk()));
}
120
// Tests that a keyset with public keys only doesn't need a primary id: every
// key is marked ASYMMETRIC_PUBLIC, set_primary_key_id() is never called, and
// ValidateKeyset still returns OK.
TEST(ValidateKeyset, OnlyPublicKeys) {
  namespace pb = google::crypto::tink;

  // Id and placeholder value of each public key, in insertion order.
  struct KeySpec {
    uint32_t id;
    const char* value;
  };
  const KeySpec specs[] = {
      {32, "some value"},
      {100, "some other value"},
      {18, "some third value"},
  };

  pb::Keyset public_keyset;
  for (const KeySpec& spec : specs) {
    pb::Keyset::Key* entry = public_keyset.add_key();
    entry->set_key_id(spec.id);
    entry->mutable_key_data()->set_value(spec.value);
    entry->mutable_key_data()->set_key_material_type(
        KeyData::ASYMMETRIC_PUBLIC);
    entry->set_output_prefix_type(pb::OutputPrefixType::TINK);
    entry->set_status(pb::KeyStatusType::ENABLED);
  }
  // Deliberately no set_primary_key_id() call.

  const auto verdict = crypto::tink::ValidateKeyset(public_keyset);
  EXPECT_THAT(verdict, IsOk());
}
144
// Rejection case: the primary key id (99) matches no key in the keyset (the
// only key has id 100), so ValidateKeyset must answer kInvalidArgument.
TEST(ValidateKeyset, PrimaryIdNonExistent) {
  namespace pb = google::crypto::tink;

  pb::Keyset keyset;
  pb::Keyset::Key& only_key = *keyset.add_key();
  only_key.set_key_id(100);
  only_key.mutable_key_data()->set_value("some value");
  only_key.set_output_prefix_type(pb::OutputPrefixType::TINK);
  only_key.set_status(pb::KeyStatusType::ENABLED);
  // Primary id points at a key that was never added.
  keyset.set_primary_key_id(99);

  const auto verdict = crypto::tink::ValidateKeyset(keyset);
  EXPECT_THAT(verdict, StatusIs(absl::StatusCode::kInvalidArgument));
}
156
// Boundary case: the largest uint32_t value is accepted both as a key id and
// as the primary key id.
TEST(ValidateKeyset, ValidHighId) {
  namespace pb = google::crypto::tink;
  constexpr uint32_t kLargestId = std::numeric_limits<uint32_t>::max();

  pb::Keyset keyset;
  pb::Keyset::Key& only_key = *keyset.add_key();
  only_key.set_key_id(kLargestId);
  only_key.mutable_key_data()->set_value("some value");
  only_key.set_output_prefix_type(pb::OutputPrefixType::TINK);
  only_key.set_status(pb::KeyStatusType::ENABLED);
  keyset.set_primary_key_id(kLargestId);

  const auto verdict = crypto::tink::ValidateKeyset(keyset);
  EXPECT_THAT(verdict, IsOk());
}
167
168 } // namespace
169
170 } // namespace tink
171 } // namespace crypto
172